| Comments

i’ve been reading a bit lately and have been a bit frustrating with some of the reading i’ve found.  i like when people put microsoft in their place by pointing out factual evidence and apples-apples comparisons…or even provide specifications for us to build upon.

one specifically that has been getting some attention is the article hosted on oracle.com with regard to php vs. asp.net.  i’m not even sure when this article was written — it has no timestamp information on it to understand the comparison time frame benchmarks.  regardless, this article is being debated quite fervently in the asp.net *and* php communities, both claiming it favors both sides.

joe, a softie who works a lot with PHP, had his own rebuttal today.  it seems that both sides are accurately frustrated.  probably more so that it is written by a person that really introduces none of his credentials qualifying himself as an expert on either area, but as an oracle dba.

the article makes sweeping suggestions around security and speed — but provides no real data to back it up.  if they are really true, i’ll be the first one to stand in line as well and yell at my own organization — but you can’t prove/fix that which isn’t documented?  you can’t (or shouldn’t be allowed to say in public and if you do, flogging allowed) say that ‘it’s faster’ and not put any meat behind that argument.  heck, even lie about a test you did…but at least don’t just put it there with a because i say so interpretation.

i’ve also been dabbling in linux lately.  trying to understand the passion behind it and the great distaste for windows.  i really only have know windows intimately.  i’ve worked with linux a few times and at length on the server side (dns, etc.) but not really as a dev platform—and even that was bash-ing my way through the system with no gui — you know, the ‘right’ way on linux ;-).  so there’s my caveat #1.  caveat #2 — i have a mac.  i like it.  i think it can do things better than windows.  i think windows does things better than it most of the time (especially with regard to my job/hobbies) — but more on that later.

anywhooo….i received a copy of Beginning Ubuntu Linux and encouraged to look at it (as i’ve bene looking more at fedora and suse).  ubuntu is supposed to be the ‘linux for real people’ operating system…so i decided to take a look.  i got to page 9 before i was throwing up with the unsubstantiated goo in the book.  i really would have loved to see a book about ubuntu…instead it starts out as a rant on ‘why i hate microsoft’ veiled under a ‘history of linux’ heading.

under a section entitled: The Benefits of Linux, a subsection of Crash-Free (note to editors, when you hyphenate, the second word isn’t capitalized).  first sentence verbatim: “A primary benefit of Linux is that it doesn’t crash.”  there aren’t many sentences after that before it further states: “Of course, programs that run on top of Linux sometimes crash, but they don’t take the rest of the system down with them…”  and immediately below that there is a “note” of:

“Actually, very few programs under Linux crash.  Because Linux programmers use a different method of bug testing than used by Microsoft developers, there are arguably fewer bugs, and those that are discovered are fixed very quickly.”

hmmm…really?  this made me sick.  why?  i’m not even going to argue if it is true or not…because i can’t (if i was a new reader to the book).  you can even apply the MLF (mother-in-law factor) design principle to book authoring.  global comments like that are irresponsible if not backed up.  if someone didn’t know better, they take these comments as fact.  this book provides no reference to facts/statements to support these comments — and that is irresponsible.

if i dissect the comment.

…use a different method of bug testing than used by Microsoft…” — what method?  and how do you know Microsoft developers don’t use it?  especially given our drive around test-driven development.

“…there are arguably fewer bugs…” – really, and how is that being measured?  with windows are you bundling everything up, but with linux are you saying only the kernel, even though someone loaded it up with apache, php, mysql, postres, named, etc, etc. — bundle all them up, how many patches are there?  and oh by the way, who has the responsibility of getting those updates to the consumer (note: i think redhat, etc. are getting a lot better and providing an auto update feature based on packages installed). 

…and those that are discovered are fixed very quickly.” – wow, based on what?  if you look at a forrester research paper (posted on forrester for $775, but free here) that shows some interesting trends of time-to-fix of vulnerabilities.  when using a definition (and i’m only choosing not to define them here because you can get them online) of ‘all days of risk’ (essentially vulnerability identified to the platform maintainer’s first fix), microsoft has been substantially lower than the linux community.  for the study period, microsoft had 25 days of risk, and (i’ll use SUSE because the author keir thomas’ first book was beginning suse) SUSE was 74.  the study gives credit to debian’s developer federiation reducing the distribution days of risk.  now granted the risk levels vary, but it does show that microsoft responds quickly.

there is also a comment in the book that linux is “far, far more secure” than windows.  take a look at the forrester study referenced in the previous section.  during the study period microsoft had 128 total flaws, 86 of which were deemed high-security (67%), where SUSE had 176 identified flaws, 111 of which were deemed high-security (63%) — is that “far, far more secure”?  not according to any known math.

at any rate, the book/article fueled frustration that when we talk about claims (on either side), we need to back them up with some level of facts.  otherwise we aren’t doing anyone a favor by spewing irresponsible opinion and the mouths of passionate zealots (microsoft ones included).

Please enjoy some of these other recent posts...

Comments